Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds, such as lists of malicious IPs and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances serving malware or mining bitcoin. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments, like instances deployed in a region that has never been used, or unusual API calls, like a password policy change to reduce password strength. GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see Amazon GuardDuty User Guide.
guardduty(config = list())Optional configuration of credentials, endpoint, and/or region.
svc <- guardduty(
config = list(
credentials = list(
creds = list(
access_key_id = "string",
secret_access_key = "string",
session_token = "string"
),
profile = "string"
),
endpoint = "string",
region = "string"
)
)
| accept_invitation | Accepts the invitation to be monitored by a master GuardDuty account |
| archive_findings | Archives GuardDuty findings specified by the list of finding IDs |
| create_detector | Creates a single Amazon GuardDuty detector |
| create_filter | Creates a filter using the specified finding criteria |
| create_ip_set | Creates a new IPSet, called Trusted IP list in the consoler user interface |
| create_members | Creates member accounts of the current AWS account by specifying a list of AWS account IDs |
| create_publishing_destination | Creates a publishing destination to send findings to |
| create_sample_findings | Generates example findings of types specified by the list of finding types |
| create_threat_intel_set | Create a new ThreatIntelSet |
| decline_invitations | Declines invitations sent to the current member account by AWS account specified by their account IDs |
| delete_detector | Deletes a Amazon GuardDuty detector specified by the detector ID |
| delete_filter | Deletes the filter specified by the filter name |
| delete_invitations | Deletes invitations sent to the current member account by AWS accounts specified by their account IDs |
| delete_ip_set | Deletes the IPSet specified by the ipSetId |
| delete_members | Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
| delete_publishing_destination | Deletes the publishing definition with the specified destinationId |
| delete_threat_intel_set | Deletes ThreatIntelSet specified by the ThreatIntelSet ID |
| describe_publishing_destination | Returns information about the publishing destination specified by the provided destinationId |
| disassociate_from_master_account | Disassociates the current GuardDuty member account from its master account |
| disassociate_members | Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
| get_detector | Retrieves an Amazon GuardDuty detector specified by the detectorId |
| get_filter | Returns the details of the filter specified by the filter name |
| get_findings | Describes Amazon GuardDuty findings specified by finding IDs |
| get_findings_statistics | Lists Amazon GuardDuty findings' statistics for the specified detector ID |
| get_invitations_count | Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation |
| get_ip_set | Retrieves the IPSet specified by the ipSetId |
| get_master_account | Provides the details for the GuardDuty master account associated with the current GuardDuty member account |
| get_members | Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs |
| get_threat_intel_set | Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID |
| invite_members | Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account |
| list_detectors | Lists detectorIds of all the existing Amazon GuardDuty detector resources |
| list_filters | Returns a paginated list of the current filters |
| list_findings | Lists Amazon GuardDuty findings for the specified detector ID |
| list_invitations | Lists all GuardDuty membership invitations that were sent to the current AWS account |
| list_ip_sets | Lists the IPSets of the GuardDuty service specified by the detector ID |
| list_members | Lists details about all member accounts for the current GuardDuty master account |
| list_publishing_destinations | Returns a list of publishing destinations associated with the specified dectectorId |
| list_tags_for_resource | Lists tags for a resource |
| list_threat_intel_sets | Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID |
| start_monitoring_members | Turns on GuardDuty monitoring of the specified member accounts |
| stop_monitoring_members | Stops GuardDuty monitoring for the specified member accounnts |
| tag_resource | Adds tags to a resource |
| unarchive_findings | Unarchives GuardDuty findings specified by the findingIds |
| untag_resource | Removes tags from a resource |
| update_detector | Updates the Amazon GuardDuty detector specified by the detectorId |
| update_filter | Updates the filter specified by the filter name |
| update_findings_feedback | Marks the specified GuardDuty findings as useful or not useful |
| update_ip_set | Updates the IPSet specified by the IPSet ID |
| update_publishing_destination | Updates information about the publishing destination specified by the destinationId |
# NOT RUN {
svc <- guardduty()
svc$accept_invitation(
Foo = 123
)
# }
# NOT RUN {
# }
Run the code above in your browser using DataLab